Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Create a wallet

A wallet is a single Ed25519 keypair stored in an encrypted file. Each wallet file = one keypair = one address. (Exfer is not a BIP-32 HD wallet — if you want multiple addresses, generate multiple wallet files. See Wallet developer guide for HD-style address derivation.)

Generate

Encrypted (recommended):

exfer wallet generate --output ~/my-wallet.key --json

The CLI prompts twice for a passphrase. Pick something strong and write it down — the file is useless without it.

For non-interactive scripts (CI, agents):

EXFER_PASS="your-passphrase" exfer wallet generate --output ~/my-wallet.key --json
# (the CLI does not read EXFER_PASS automatically — see below for env-var
#  flow with `exfer init`)

Unencrypted (only for ephemeral testing):

exfer wallet generate --output /tmp/test.key --no-encrypt --json

Never store production funds in an unencrypted wallet.

What you get back

{
  "file":    "/home/you/my-wallet.key",
  "address": "8d896d64864f53214acb49aeb44a09a03d5bb23d19a417a6ce7b0da65c7bd750",
  "pubkey":  "fcbd5a818501cd5439ebe8c0c5ff244c0f1475333e226b7f998e6eb80552c69d"
}
FieldWhat it's for
fileThe path to the encrypted key file. Back this up.
address64-hex (32 bytes). Share this with people who pay you.
pubkeyThe Ed25519 public key. Used when mining (--miner-pubkey) so the mining server never needs the private key.

The private key stays inside the encrypted .key file and is decrypted on demand by the CLI when you sign a transaction.

Back it up immediately

cp ~/my-wallet.key ~/Documents/exfer-wallet.key.backup
# or onto a USB stick, etc.

The file is encrypted — it's safe to put on cloud storage, but you still have to remember the passphrase. There is no recovery if you lose both.

See Backup & recovery for the full backup strategy (wallet, node identity, chain data).

Inspect an existing wallet

exfer wallet info --wallet ~/my-wallet.key --json

Shows the address and pubkey. Requires the passphrase if the file is encrypted.

Why a single keypair per file?

Exfer's wallet model is intentionally simple. If you need many addresses (e.g. one per customer in an exchange), generate many wallet files and track the mapping yourself. See For wallet developers for HD-style derivation patterns.

Common pitfalls

  • Losing the passphrase — you cannot recover. Treat passphrase loss as fund loss.
  • Storing only encrypted backups in one place — disk crash kills the wallet. Keep at least two copies in physically different locations.
  • Reusing the same wallet for mining and spending — fine technically, but mining requires only the pubkey on the server. Keep the private key off the mining machine and use --miner-pubkey instead. See Solo mine.